Certificate error on company PC - Works on private PC
We are using a 3rd party webservice but we want to access their website with and other webb address.
But the problem when we access that site from our company computer we often get a certificate error message (please see the attached screenshots) and sometimes it works, rarely.
It works fine for the 3rd party company and so far on my private PC at home.
We are still on Windows 7 with IE 11, Chrome (v.60) and Firefox (v.55) and at home I run Windows 10.
Troubleshoot so far:
- We don't have any local DNS cache on our PC and I've cleared the cache on our DNS servers but it didn't help.
- Cleared cookies and reset IE, Chrome & Firefox
- Updated W7 & DNS-servers to the latest patches
Error messages
google-chrome firefox internet-explorer ssl certificate
edited Aug 30 '17 at 16:41
Ramhound
19.5k156085
asked Aug 25 '17 at 11:24
MrPew
63
|
show 4 more comments
We are using a 3rd party webservice but we want to access their website with and other webb address.
But the problem when we access that site from our company computer we often get a certificate error message (please see the attached screenshots) and sometimes it works, rarely.
It works fine for the 3rd party company and so far on my private PC at home.
We are still on Windows 7 with IE 11, Chrome (v.60) and Firefox (v.55) and at home I run Windows 10.
Troubleshoot so far:
- We don't have any local DNS cache on our PC and I've cleared the cache on our DNS servers but it didn't help.
- Cleared cookies and reset IE, Chrome & Firefox
- Updated W7 & DNS-servers to the latest patches
Error messages
google-chrome firefox internet-explorer ssl certificate
edited Aug 30 '17 at 16:41
Ramhound
19.5k156085
asked Aug 25 '17 at 11:24
MrPew
63
Simplest solution: Install the certificate for the certificate store on the work pc and Firefox the certificate itself clearly isn't 100% correct due to the error you are getting but doesn't mean it can't be trusted
– Ramhound
Aug 25 '17 at 11:35
1
It unusual for a certificate to be assigned to the root domain AND a wild card sub-domain at the same time
– Ramhound
Aug 25 '17 at 11:36
It would help to see both certificates: The one you get at home, and the one you get at work when it fails. It sounds like maybe they have the wrong certificate installed on one CDN node or one machine in a load-balanced pool.
– Spiff
Aug 25 '17 at 14:17
@Spiff, Firefox says that the website don't supply the owner information ( 1drv.ms/i/s!AolwST7Omf2r1xU7mWSrbuCspOro ) and that the requested domain dose not match the server's certificate ( 1drv.ms/i/s!AolwST7Omf2r1xY1JWs1gKDVhT-C ).
– MrPew
Aug 27 '17 at 14:52
1
Sorry I wasn't clear. I don't need to see screenshots of various browsers error messages, I was hoping you might be able to capture and post the actual certificate binary data (maybe base64 encoded as typical) so I can run my own tools to compare the "working" and "failing" certs.
– Spiff
Aug 27 '17 at 15:09
|
show 4 more comments
We are using a 3rd party webservice but we want to access their website with and other webb address.
But the problem when we access that site from our company computer we often get a certificate error message (please see the attached screenshots) and sometimes it works, rarely.
It works fine for the 3rd party company and so far on my private PC at home.
We are still on Windows 7 with IE 11, Chrome (v.60) and Firefox (v.55) and at home I run Windows 10.
Troubleshoot so far:
- We don't have any local DNS cache on our PC and I've cleared the cache on our DNS servers but it didn't help.
- Cleared cookies and reset IE, Chrome & Firefox
- Updated W7 & DNS-servers to the latest patches
Error messages
google-chrome firefox internet-explorer ssl certificate
edited Aug 30 '17 at 16:41
Ramhound
19.5k156085
asked Aug 25 '17 at 11:24
MrPew
63
We are using a 3rd party webservice but we want to access their website with and other webb address.
But the problem when we access that site from our company computer we often get a certificate error message (please see the attached screenshots) and sometimes it works, rarely.
It works fine for the 3rd party company and so far on my private PC at home.
We are still on Windows 7 with IE 11, Chrome (v.60) and Firefox (v.55) and at home I run Windows 10.
Troubleshoot so far:
- We don't have any local DNS cache on our PC and I've cleared the cache on our DNS servers but it didn't help.
- Cleared cookies and reset IE, Chrome & Firefox
- Updated W7 & DNS-servers to the latest patches
Error messages
google-chrome firefox internet-explorer ssl certificate
google-chrome firefox internet-explorer ssl certificate
edited Aug 30 '17 at 16:41
Ramhound
19.5k156085
asked Aug 25 '17 at 11:24
MrPew
63
edited Aug 30 '17 at 16:41
Ramhound
19.5k156085
asked Aug 25 '17 at 11:24
MrPew
63
edited Aug 30 '17 at 16:41
Ramhound
19.5k156085
edited Aug 30 '17 at 16:41
Ramhound
19.5k156085
edited Aug 30 '17 at 16:41
Ramhound
19.5k156085
19.5k156085
asked Aug 25 '17 at 11:24
MrPew
63
asked Aug 25 '17 at 11:24
MrPew
63
asked Aug 25 '17 at 11:24
MrPew
63
63
Simplest solution: Install the certificate for the certificate store on the work pc and Firefox the certificate itself clearly isn't 100% correct due to the error you are getting but doesn't mean it can't be trusted
– Ramhound
Aug 25 '17 at 11:35
1
It unusual for a certificate to be assigned to the root domain AND a wild card sub-domain at the same time
– Ramhound
Aug 25 '17 at 11:36
It would help to see both certificates: The one you get at home, and the one you get at work when it fails. It sounds like maybe they have the wrong certificate installed on one CDN node or one machine in a load-balanced pool.
– Spiff
Aug 25 '17 at 14:17
@Spiff, Firefox says that the website don't supply the owner information ( 1drv.ms/i/s!AolwST7Omf2r1xU7mWSrbuCspOro ) and that the requested domain dose not match the server's certificate ( 1drv.ms/i/s!AolwST7Omf2r1xY1JWs1gKDVhT-C ).
– MrPew
Aug 27 '17 at 14:52
1
Sorry I wasn't clear. I don't need to see screenshots of various browsers error messages, I was hoping you might be able to capture and post the actual certificate binary data (maybe base64 encoded as typical) so I can run my own tools to compare the "working" and "failing" certs.
– Spiff
Aug 27 '17 at 15:09
|
show 4 more comments
Simplest solution: Install the certificate for the certificate store on the work pc and Firefox the certificate itself clearly isn't 100% correct due to the error you are getting but doesn't mean it can't be trusted
– Ramhound
Aug 25 '17 at 11:35
1
It unusual for a certificate to be assigned to the root domain AND a wild card sub-domain at the same time
– Ramhound
Aug 25 '17 at 11:36
It would help to see both certificates: The one you get at home, and the one you get at work when it fails. It sounds like maybe they have the wrong certificate installed on one CDN node or one machine in a load-balanced pool.
– Spiff
Aug 25 '17 at 14:17
@Spiff, Firefox says that the website don't supply the owner information ( 1drv.ms/i/s!AolwST7Omf2r1xU7mWSrbuCspOro ) and that the requested domain dose not match the server's certificate ( 1drv.ms/i/s!AolwST7Omf2r1xY1JWs1gKDVhT-C ).
– MrPew
Aug 27 '17 at 14:52
1
Sorry I wasn't clear. I don't need to see screenshots of various browsers error messages, I was hoping you might be able to capture and post the actual certificate binary data (maybe base64 encoded as typical) so I can run my own tools to compare the "working" and "failing" certs.
– Spiff
Aug 27 '17 at 15:09
Simplest solution: Install the certificate for the certificate store on the work pc and Firefox the certificate itself clearly isn't 100% correct due to the error you are getting but doesn't mean it can't be trusted
– Ramhound
Aug 25 '17 at 11:35
Simplest solution: Install the certificate for the certificate store on the work pc and Firefox the certificate itself clearly isn't 100% correct due to the error you are getting but doesn't mean it can't be trusted
– Ramhound
Aug 25 '17 at 11:35
1
1
It unusual for a certificate to be assigned to the root domain AND a wild card sub-domain at the same time
– Ramhound
Aug 25 '17 at 11:36
It unusual for a certificate to be assigned to the root domain AND a wild card sub-domain at the same time
– Ramhound
Aug 25 '17 at 11:36
It would help to see both certificates: The one you get at home, and the one you get at work when it fails. It sounds like maybe they have the wrong certificate installed on one CDN node or one machine in a load-balanced pool.
– Spiff
Aug 25 '17 at 14:17
It would help to see both certificates: The one you get at home, and the one you get at work when it fails. It sounds like maybe they have the wrong certificate installed on one CDN node or one machine in a load-balanced pool.
– Spiff
Aug 25 '17 at 14:17
@Spiff, Firefox says that the website don't supply the owner information ( 1drv.ms/i/s!AolwST7Omf2r1xU7mWSrbuCspOro ) and that the requested domain dose not match the server's certificate ( 1drv.ms/i/s!AolwST7Omf2r1xY1JWs1gKDVhT-C ).
– MrPew
Aug 27 '17 at 14:52
@Spiff, Firefox says that the website don't supply the owner information ( 1drv.ms/i/s!AolwST7Omf2r1xU7mWSrbuCspOro ) and that the requested domain dose not match the server's certificate ( 1drv.ms/i/s!AolwST7Omf2r1xY1JWs1gKDVhT-C ).
– MrPew
Aug 27 '17 at 14:52
1
1
Sorry I wasn't clear. I don't need to see screenshots of various browsers error messages, I was hoping you might be able to capture and post the actual certificate binary data (maybe base64 encoded as typical) so I can run my own tools to compare the "working" and "failing" certs.
– Spiff
Aug 27 '17 at 15:09
Sorry I wasn't clear. I don't need to see screenshots of various browsers error messages, I was hoping you might be able to capture and post the actual certificate binary data (maybe base64 encoded as typical) so I can run my own tools to compare the "working" and "failing" certs.
– Spiff
Aug 27 '17 at 15:09
|
show 4 more comments
3 Answers
3
active
oldest
votes
Edit: Aha! Well, looks like the SSL certs setup is part of the service that they offer, as long as you're on a good enough plan.
In our company, we had some cases where we had websites set up to use an official cert for external traffic (public) and then, for internal users, a different DNS address. In this case, the server was set up to serve those internal requests using a self-signed certificate. This worked because we were able to acquire those certificates and add them to Firefox/Chrome so they would be trusted.
In your case, you are trying to access the site under a different DNS name in a similar way, but you're still getting the same certificate. The domains listed on certificate will not match, ever and you cannot override that. You would either have to...
- ask Freshdesk to add your custom domain to their cert and get a new one (which they're unlikely to do since it would cost them money)
- ask Freshdesk to detect when your requests come through on helpdesk.****.se and use a different cert such as a self-signed one (also unlikely because it may require major configuration changes on their end)
- get your IT team to set up a MITM proxy so that internal requests to helpdesk.****.se get translated into whatever DNS for freshdesk.com transparently, then re-sign it using a company certificate. This is probably your best bet.
answered Aug 30 '17 at 10:10
BoffinbraiN
754513
Thank you for your reply! First: This is what they have already done and I've made the CNAME records on out local DNS-servers and on our external DNS (3rd party).
– MrPew
Aug 30 '17 at 13:18
Second: I'll ask them to do that if it isn't solved soon.
– MrPew
Aug 30 '17 at 13:20
Third: I would like to avoid using a proxy for a few reasons and one of them is that we don't use one to day.
– MrPew
Aug 30 '17 at 13:21
Right! I didn't look at the actual service provider's website before, but it looks like they can accommodate that kind of thing. I updated my answer.
– BoffinbraiN
Aug 30 '17 at 15:49
add a comment |
It appeared that our local DNS-servers had an old DNS record that made this strange behavior.
I removed some old DNS records to our 3rd party (Freshdesk) and it worked ever since.
I thank you all for your support in this!
answered Sep 1 '17 at 11:37
MrPew
63
add a comment |
As you mentioned company PC and most of the companies have a domain controller.
I was also encountered with the same problem and it got rectified by removing PC out of the domain.
Follow below steps once if other solutions aren't working at times.
- Make a desktop profile as an admin and change the password if you
are using LDAP. - Login into desktop admin profile and remove the PC from the domain.
- After the PC/Laptop restarts, adjust the data & time accordingly and
perform a test.
answered Dec 17 at 10:35
shajji05
11
There's nothing preventing a domain member workstation from being able to work in the same way a non domain computer in respect to this question about certificates. Removing a computer front the domain is certain to create many more problems that it would solve.
– Twisty Impersonator
Dec 17 at 10:58
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1244317%2fcertificate-error-on-company-pc-works-on-private-pc%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
Edit: Aha! Well, looks like the SSL certs setup is part of the service that they offer, as long as you're on a good enough plan.
In our company, we had some cases where we had websites set up to use an official cert for external traffic (public) and then, for internal users, a different DNS address. In this case, the server was set up to serve those internal requests using a self-signed certificate. This worked because we were able to acquire those certificates and add them to Firefox/Chrome so they would be trusted.
In your case, you are trying to access the site under a different DNS name in a similar way, but you're still getting the same certificate. The domains listed on certificate will not match, ever and you cannot override that. You would either have to...
- ask Freshdesk to add your custom domain to their cert and get a new one (which they're unlikely to do since it would cost them money)
- ask Freshdesk to detect when your requests come through on helpdesk.****.se and use a different cert such as a self-signed one (also unlikely because it may require major configuration changes on their end)
- get your IT team to set up a MITM proxy so that internal requests to helpdesk.****.se get translated into whatever DNS for freshdesk.com transparently, then re-sign it using a company certificate. This is probably your best bet.
answered Aug 30 '17 at 10:10
BoffinbraiN
754513
Thank you for your reply! First: This is what they have already done and I've made the CNAME records on out local DNS-servers and on our external DNS (3rd party).
– MrPew
Aug 30 '17 at 13:18
Second: I'll ask them to do that if it isn't solved soon.
– MrPew
Aug 30 '17 at 13:20
Third: I would like to avoid using a proxy for a few reasons and one of them is that we don't use one to day.
– MrPew
Aug 30 '17 at 13:21
Right! I didn't look at the actual service provider's website before, but it looks like they can accommodate that kind of thing. I updated my answer.
– BoffinbraiN
Aug 30 '17 at 15:49
add a comment |
Edit: Aha! Well, looks like the SSL certs setup is part of the service that they offer, as long as you're on a good enough plan.
In our company, we had some cases where we had websites set up to use an official cert for external traffic (public) and then, for internal users, a different DNS address. In this case, the server was set up to serve those internal requests using a self-signed certificate. This worked because we were able to acquire those certificates and add them to Firefox/Chrome so they would be trusted.
In your case, you are trying to access the site under a different DNS name in a similar way, but you're still getting the same certificate. The domains listed on certificate will not match, ever and you cannot override that. You would either have to...
- ask Freshdesk to add your custom domain to their cert and get a new one (which they're unlikely to do since it would cost them money)
- ask Freshdesk to detect when your requests come through on helpdesk.****.se and use a different cert such as a self-signed one (also unlikely because it may require major configuration changes on their end)
- get your IT team to set up a MITM proxy so that internal requests to helpdesk.****.se get translated into whatever DNS for freshdesk.com transparently, then re-sign it using a company certificate. This is probably your best bet.
answered Aug 30 '17 at 10:10
BoffinbraiN
754513
Thank you for your reply! First: This is what they have already done and I've made the CNAME records on out local DNS-servers and on our external DNS (3rd party).
– MrPew
Aug 30 '17 at 13:18
Second: I'll ask them to do that if it isn't solved soon.
– MrPew
Aug 30 '17 at 13:20
Third: I would like to avoid using a proxy for a few reasons and one of them is that we don't use one to day.
– MrPew
Aug 30 '17 at 13:21
Right! I didn't look at the actual service provider's website before, but it looks like they can accommodate that kind of thing. I updated my answer.
– BoffinbraiN
Aug 30 '17 at 15:49
add a comment |
Edit: Aha! Well, looks like the SSL certs setup is part of the service that they offer, as long as you're on a good enough plan.
In our company, we had some cases where we had websites set up to use an official cert for external traffic (public) and then, for internal users, a different DNS address. In this case, the server was set up to serve those internal requests using a self-signed certificate. This worked because we were able to acquire those certificates and add them to Firefox/Chrome so they would be trusted.
In your case, you are trying to access the site under a different DNS name in a similar way, but you're still getting the same certificate. The domains listed on certificate will not match, ever and you cannot override that. You would either have to...
- ask Freshdesk to add your custom domain to their cert and get a new one (which they're unlikely to do since it would cost them money)
- ask Freshdesk to detect when your requests come through on helpdesk.****.se and use a different cert such as a self-signed one (also unlikely because it may require major configuration changes on their end)
- get your IT team to set up a MITM proxy so that internal requests to helpdesk.****.se get translated into whatever DNS for freshdesk.com transparently, then re-sign it using a company certificate. This is probably your best bet.
answered Aug 30 '17 at 10:10
BoffinbraiN
754513
Edit: Aha! Well, looks like the SSL certs setup is part of the service that they offer, as long as you're on a good enough plan.
In our company, we had some cases where we had websites set up to use an official cert for external traffic (public) and then, for internal users, a different DNS address. In this case, the server was set up to serve those internal requests using a self-signed certificate. This worked because we were able to acquire those certificates and add them to Firefox/Chrome so they would be trusted.
In your case, you are trying to access the site under a different DNS name in a similar way, but you're still getting the same certificate. The domains listed on certificate will not match, ever and you cannot override that. You would either have to...
- ask Freshdesk to add your custom domain to their cert and get a new one (which they're unlikely to do since it would cost them money)
- ask Freshdesk to detect when your requests come through on helpdesk.****.se and use a different cert such as a self-signed one (also unlikely because it may require major configuration changes on their end)
- get your IT team to set up a MITM proxy so that internal requests to helpdesk.****.se get translated into whatever DNS for freshdesk.com transparently, then re-sign it using a company certificate. This is probably your best bet.
answered Aug 30 '17 at 10:10
BoffinbraiN
754513
edited Aug 30 '17 at 15:48
answered Aug 30 '17 at 10:10
BoffinbraiN
754513
answered Aug 30 '17 at 10:10
BoffinbraiN
754513
answered Aug 30 '17 at 10:10
BoffinbraiN
754513
754513
Thank you for your reply! First: This is what they have already done and I've made the CNAME records on out local DNS-servers and on our external DNS (3rd party).
– MrPew
Aug 30 '17 at 13:18
Second: I'll ask them to do that if it isn't solved soon.
– MrPew
Aug 30 '17 at 13:20
Third: I would like to avoid using a proxy for a few reasons and one of them is that we don't use one to day.
– MrPew
Aug 30 '17 at 13:21
Right! I didn't look at the actual service provider's website before, but it looks like they can accommodate that kind of thing. I updated my answer.
– BoffinbraiN
Aug 30 '17 at 15:49
add a comment |
Thank you for your reply! First: This is what they have already done and I've made the CNAME records on out local DNS-servers and on our external DNS (3rd party).
– MrPew
Aug 30 '17 at 13:18
Second: I'll ask them to do that if it isn't solved soon.
– MrPew
Aug 30 '17 at 13:20
Third: I would like to avoid using a proxy for a few reasons and one of them is that we don't use one to day.
– MrPew
Aug 30 '17 at 13:21
Right! I didn't look at the actual service provider's website before, but it looks like they can accommodate that kind of thing. I updated my answer.
– BoffinbraiN
Aug 30 '17 at 15:49
Thank you for your reply! First: This is what they have already done and I've made the CNAME records on out local DNS-servers and on our external DNS (3rd party).
– MrPew
Aug 30 '17 at 13:18
Thank you for your reply! First: This is what they have already done and I've made the CNAME records on out local DNS-servers and on our external DNS (3rd party).
– MrPew
Aug 30 '17 at 13:18
Second: I'll ask them to do that if it isn't solved soon.
– MrPew
Aug 30 '17 at 13:20
Second: I'll ask them to do that if it isn't solved soon.
– MrPew
Aug 30 '17 at 13:20
Third: I would like to avoid using a proxy for a few reasons and one of them is that we don't use one to day.
– MrPew
Aug 30 '17 at 13:21
Third: I would like to avoid using a proxy for a few reasons and one of them is that we don't use one to day.
– MrPew
Aug 30 '17 at 13:21
Right! I didn't look at the actual service provider's website before, but it looks like they can accommodate that kind of thing. I updated my answer.
– BoffinbraiN
Aug 30 '17 at 15:49
Right! I didn't look at the actual service provider's website before, but it looks like they can accommodate that kind of thing. I updated my answer.
– BoffinbraiN
Aug 30 '17 at 15:49
add a comment |
It appeared that our local DNS-servers had an old DNS record that made this strange behavior.
I removed some old DNS records to our 3rd party (Freshdesk) and it worked ever since.
I thank you all for your support in this!
answered Sep 1 '17 at 11:37
MrPew
63
add a comment |
It appeared that our local DNS-servers had an old DNS record that made this strange behavior.
I removed some old DNS records to our 3rd party (Freshdesk) and it worked ever since.
I thank you all for your support in this!
answered Sep 1 '17 at 11:37
MrPew
63
add a comment |
It appeared that our local DNS-servers had an old DNS record that made this strange behavior.
I removed some old DNS records to our 3rd party (Freshdesk) and it worked ever since.
I thank you all for your support in this!
answered Sep 1 '17 at 11:37
MrPew
63
It appeared that our local DNS-servers had an old DNS record that made this strange behavior.
I removed some old DNS records to our 3rd party (Freshdesk) and it worked ever since.
I thank you all for your support in this!
answered Sep 1 '17 at 11:37
MrPew
63
answered Sep 1 '17 at 11:37
MrPew
63
answered Sep 1 '17 at 11:37
MrPew
63
answered Sep 1 '17 at 11:37
MrPew
63
63
add a comment |
add a comment |
As you mentioned company PC and most of the companies have a domain controller.
I was also encountered with the same problem and it got rectified by removing PC out of the domain.
Follow below steps once if other solutions aren't working at times.
- Make a desktop profile as an admin and change the password if you
are using LDAP. - Login into desktop admin profile and remove the PC from the domain.
- After the PC/Laptop restarts, adjust the data & time accordingly and
perform a test.
answered Dec 17 at 10:35
shajji05
11
There's nothing preventing a domain member workstation from being able to work in the same way a non domain computer in respect to this question about certificates. Removing a computer front the domain is certain to create many more problems that it would solve.
– Twisty Impersonator
Dec 17 at 10:58
add a comment |
As you mentioned company PC and most of the companies have a domain controller.
I was also encountered with the same problem and it got rectified by removing PC out of the domain.
Follow below steps once if other solutions aren't working at times.
- Make a desktop profile as an admin and change the password if you
are using LDAP. - Login into desktop admin profile and remove the PC from the domain.
- After the PC/Laptop restarts, adjust the data & time accordingly and
perform a test.
answered Dec 17 at 10:35
shajji05
11
There's nothing preventing a domain member workstation from being able to work in the same way a non domain computer in respect to this question about certificates. Removing a computer front the domain is certain to create many more problems that it would solve.
– Twisty Impersonator
Dec 17 at 10:58
add a comment |
As you mentioned company PC and most of the companies have a domain controller.
I was also encountered with the same problem and it got rectified by removing PC out of the domain.
Follow below steps once if other solutions aren't working at times.
- Make a desktop profile as an admin and change the password if you
are using LDAP. - Login into desktop admin profile and remove the PC from the domain.
- After the PC/Laptop restarts, adjust the data & time accordingly and
perform a test.
answered Dec 17 at 10:35
shajji05
11
As you mentioned company PC and most of the companies have a domain controller.
I was also encountered with the same problem and it got rectified by removing PC out of the domain.
Follow below steps once if other solutions aren't working at times.
- Make a desktop profile as an admin and change the password if you
are using LDAP. - Login into desktop admin profile and remove the PC from the domain.
- After the PC/Laptop restarts, adjust the data & time accordingly and
perform a test.
answered Dec 17 at 10:35
shajji05
11
answered Dec 17 at 10:35
shajji05
11
answered Dec 17 at 10:35
shajji05
11
answered Dec 17 at 10:35
shajji05
11
11
There's nothing preventing a domain member workstation from being able to work in the same way a non domain computer in respect to this question about certificates. Removing a computer front the domain is certain to create many more problems that it would solve.
– Twisty Impersonator
Dec 17 at 10:58
add a comment |
There's nothing preventing a domain member workstation from being able to work in the same way a non domain computer in respect to this question about certificates. Removing a computer front the domain is certain to create many more problems that it would solve.
– Twisty Impersonator
Dec 17 at 10:58
There's nothing preventing a domain member workstation from being able to work in the same way a non domain computer in respect to this question about certificates. Removing a computer front the domain is certain to create many more problems that it would solve.
– Twisty Impersonator
Dec 17 at 10:58
There's nothing preventing a domain member workstation from being able to work in the same way a non domain computer in respect to this question about certificates. Removing a computer front the domain is certain to create many more problems that it would solve.
– Twisty Impersonator
Dec 17 at 10:58
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1244317%2fcertificate-error-on-company-pc-works-on-private-pc%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Simplest solution: Install the certificate for the certificate store on the work pc and Firefox the certificate itself clearly isn't 100% correct due to the error you are getting but doesn't mean it can't be trusted
– Ramhound
Aug 25 '17 at 11:35
1
It unusual for a certificate to be assigned to the root domain AND a wild card sub-domain at the same time
– Ramhound
Aug 25 '17 at 11:36
It would help to see both certificates: The one you get at home, and the one you get at work when it fails. It sounds like maybe they have the wrong certificate installed on one CDN node or one machine in a load-balanced pool.
– Spiff
Aug 25 '17 at 14:17
@Spiff, Firefox says that the website don't supply the owner information ( 1drv.ms/i/s!AolwST7Omf2r1xU7mWSrbuCspOro ) and that the requested domain dose not match the server's certificate ( 1drv.ms/i/s!AolwST7Omf2r1xY1JWs1gKDVhT-C ).
– MrPew
Aug 27 '17 at 14:52
1
Sorry I wasn't clear. I don't need to see screenshots of various browsers error messages, I was hoping you might be able to capture and post the actual certificate binary data (maybe base64 encoded as typical) so I can run my own tools to compare the "working" and "failing" certs.
– Spiff
Aug 27 '17 at 15:09